WordPress Shield Security Plugin <= 17.0.17 is vulnerable to Broken Access Control

Software Shield Security Type Plugin Vulnerable versions = 17.0.17 Fixed in 17.0.18 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0993 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a6f498e522a5 Credits Ramuel Gall Required...

WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Arconix Shortcodes Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23703 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a66cbc072f58 Credits István Márton Requir...

WordPress Display custom fields in the frontend – Post and User Profile Fields Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Display custom fields in the frontend – Post and User Profile Fields Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-31073 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PS...

WordPress Updraft Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Updraft Type Plugin Vulnerable versions = 0.6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-26530 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID bc1184571b44 Credits Nguyen Xuan Hoa Required...

WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP BrowserUpdate Type Plugin Vulnerable versions = 4.4.1 Fixed in 4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-31078 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ca8233546f51 Credits qilin99 Required...

WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Forms Ada Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27613 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID e7150cfdbfda Credits Pavak Tiwari Required privilege...

WordPress Modal Dialog Plugin <= 3.5.14 is vulnerable to Cross Site Scripting (XSS)

Software Modal Dialog Type Plugin Vulnerable versions = 3.5.14 Fixed in 3.5.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-31071 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29ef21377041 Credits LEE SE HYOUNG...

WordPress Clock In Portal- Staff & Attendance Management Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Clock In Portal- Staff & Attendance Management Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0763 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 460bee1676e1...

WordPress Easy Slider Revolution Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Easy Slider Revolution Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.1.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28622 Patch priority Medium CVSS severity Medium 5.9 Developer Claim ownership PSID e200bc473eac Credits Yuki Harum...

WordPress Woocommerce Email Report Plugin <= 2.4 is vulnerable to Cross Site Scripting (XSS)

Software Woocommerce Email Report Type Plugin Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27627 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 629859a93d95 Credits Yuki Haruma...

WordPress ChatBot Plugin <= 4.4.6 is vulnerable to PHP Object Injection

Software ChatBot Type Plugin Vulnerable versions = 4.4.6 Fixed in 4.4.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1650 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 84bd0e4874e7 Credits Erwan LR Required privilege Unauthenticated...

WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.14 is vulnerable to Cross Site Scripting (XSS)

Software Verified Reviews Avis Vérifiés Type Plugin Vulnerable versions = 2.3.14 Fixed in 2.3.15 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23720 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4bfd6109ebaa Credits yuyudh...

WordPress ChatBot Plugin <= 4.4.8 is vulnerable to Cross Site Scripting (XSS)

Software ChatBot Type Plugin Vulnerable versions = 4.4.8 Fixed in 4.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1651 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 0fe1f44f2072 Credits Erwan LR Required privilege...

WordPress Continuous announcement scroller Plugin <= 13.0 is vulnerable to Cross Site Scripting (XSS)

Software Continuous announcement scroller Type Plugin Vulnerable versions = 13.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-46819 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 81d873d17d59 Credits Justiice...

WordPress WP Links Page Plugin <= 4.9.3 is vulnerable to Cross Site Scripting (XSS)

Software WP Links Page Type Plugin Vulnerable versions = 4.9.3 Fixed in 4.9.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-22720 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5a20af666246 Credits István Márton Required...

WordPress WP-FormAssembly Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Software WP-FormAssembly Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 02e3cddecd0a Credits WordFence Required privilege...

WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)

Software Update Image Tag Alt Attribute Type Plugin Vulnerable versions = 2.4.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27455 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ba6000222dd7 Credits...

WordPress ReviewX Plugin <= 1.6.12 is vulnerable to SQL Injection

Software ReviewX Type Plugin Vulnerable versions = 1.6.12 Fixed in 1.6.13 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-26325 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 2483e29b3913 Credits Joshua Martinelle Required privilege Subscriber...

WordPress ShopEngine Plugin <= 4.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ShopEngine Type Plugin Vulnerable versions = 4.1.1 Fixed in 4.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-45371 Patch priority Low CVSS severity Low 5.4 Developer Wpmet PSID 491b80f78482 Credits Muhammad Daffa Required privilege...

WordPress Motors – Car Dealer & Classified Ads Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Motors – Car Dealer & Classified Ads Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-38716 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 076e6b4c8854 Credit...